Smokes your problems, coughs fresh air.

Tag: security

The insecurity of security questions

Another article link from my dusted-over ~jot directory: The Insecurity of Security Questions: Why I met my wife in CWmKryWzuxCSAnMDuIg. [So dusted-over is my ~/jot directory that Tom Moertel, the article’s author, has changed he link schema of his blog without providing redirects. (The slashes in the date turned to dashed.) Cool URLs don’t change, Tom, not according to the W3C and Jacob Nielsen. 😉 ]

Anyway, I am one of those people who randomly generates his (often overly long) passwords, which I store in a strongly encrypted file, but the article provided a great reminder that I should do the same for my answers to ‘security’ questions.

Learning to ‘hack’ with Security Override

In August 2011, probably while procrastinating learning for my university admission exams, with one mouldy foot still in my IT-past, I signed up for Security Override, an online game designed to turn network security n00bs such as myself into novices.

I’ve never dedicated the 20 hours to learn anything to the game, which I should have spent Josh Kaufman to ascent my n00b-state, but I nevertheless had some solid fun with it. 🙂

Styling visited links for payformystay.com

I wanted to change the text of visited links on payformystay.com, using CSS. In the offer summary, I wanted to change the link text “Check it out!” with “Check it out again!” after the user had indeed checked out the offer.

A payformystay.com offer

An example of a payformystay.com offer where I'd want to replace the 'Check it out!' link text.

I thought I could use something as simple as:

<a href="/offer/34234-title">
  <span class="unvisited-label">Check it out!</span>
  <span class="visited-label">Check it out again!</span>
</a>

together with…

a:link span.visited-label,
a:visited span.unvisited-label {
 :;
}
 
a:link span.unvisited-label,
a:visited span.visited-label {
 :;
}

Or, even simpler:

a:visited {
 : 'Check it out again!';
}

However, I bumped into a glass wall while trying to get this to work. Apparently, browser manufacturers have been removing features to increase security. The problem, apparently, is that as a third party you could find out if somebody has been visiting a particular URL by linking to, styling :visited links and then querying the computed styles of the link. To avoid this, getComputedStyle() in the major browsers now lies and most style rules are ignored within rules applied to the :visited pseudo-class.

I’m still considering a work-around with JavaScript (setting a visited class) on the anchors, because I hate to let a good darling die.

Matriux, a penetration testing and security analysis LiveCD

Last December, someone pointed me to Matriux. In their own words:

It is a fully featured security distribution consisting of a bunch of powerful, open source and free tools that can be used for various purposes including, but not limited to, penetration testing, ethical hacking, system and network administration, cyber forensics investigations, security testing, vulnerability analysis, and much more. It is a distribution designed for security enthusiasts and professionals, although it can be used normally as your default desktop system.

It comes with a wide arsenal of free software tools to do naughty things to your network. I think I should give it a swing and download it some time.

© 2024 BigSmoke

Theme by Anders NorenUp ↑